
Fully implement AWS4 signing support #118

Closed
wants to merge 9 commits into from

@stevenh stevenh commented Apr 15, 2016

This fully implements AWS4 signing support, which was only partially added by 5d9165.

This adds the Sign field to Region, which can be used to sign a request with default sign method for that region.

In addition we have a single method that implements signing of requests for each supported signing method:

  • SignV2
  • SignV4
  • SignRoute53

Fix V4Signer adding headers to the request after calculating the canonicalHeaders. Due to this change, all the tests have had to be updated with corrected checksums and headers.

Unfortunately it was not possible to make this change 100% backwards compatible.

The following changes are API incompatible and hence may require users to update their code:

  • Removes Signature constants, as they are not used any more
  • Removes ServiceInfo type, as it's not used any more
  • Removes Signer interface, as it's not compatible with all signing methods.
  • Changes the type of Region.RDSEndpoint from ServiceInfo -> string
  • Renames Region.CloudWatchServicepoint -> CloudWatchEndpoint and changes its type from ServiceInfo -> string.
  • Changes NewService from (auth Auth, serviceInfo ServiceInfo) -> (auth Auth, endpoint string, region Region).
  • Changes NewV2Signer from (auth Auth, service ServiceInfo) -> (auth Auth, endpoint string)
  • Changes NewCloudWatch from (auth aws.Auth, region aws.ServiceInfo) -> NewCloudWatch(auth aws.Auth, region aws.Region)
  • Changes CanonicalRequest return from string to string, error

Also switch to using http status code constants while I'm here to ease comprehension.

While s3 states it supports AWS Signature Version 2 this is not the case as it requires custom changes such as Expires parameter, so the previous change which uses the common AWS Signature Version 2 caused failures.

Follow the official AWS SDK in using only Signature Version 4, which is now supported everywhere, to avoid using the old custom s3 Signature Version 2 implementation.

Also expose the option to enable debugging by switching const debug to var Debug.

This fully implements AWS4 signing support, which was only partially added by 5d9165.

This adds the Sign field to Region, which can be used to sign a request with default sign method for that region.

In addition we have a single method that implements signing of requests for each supported signing method:
* SignV2
* SignV4
* SignRoute53

Fix V4Signer adding headers to the request after calculating the canonicalHeaders. Due to this change, all the tests have had to be updated with corrected checksums and headers.

Unfortunately it was not possible to make this change 100% backwards compatible.

The following changes are API incompatible and hence may require users to update their code:
* Removes Signature constants, as they are not used any more
* Removes ServiceInfo type, as it's not used any more
* Removes Signer interface, as it's not compatible with all signing methods.
* Changes the type of Region.RDSEndpoint from ServiceInfo -> string
* Renames Region.CloudWatchServicepoint -> CloudWatchEndpoint and changes its type from ServiceInfo -> string.
* Changes NewService from (auth Auth, serviceInfo ServiceInfo) -> (auth Auth, endpoint string, region Region).
* Changes NewV2Signer from (auth Auth, service ServiceInfo) -> (auth Auth, endpoint string)
* Changes NewCloudWatch from (auth aws.Auth, region aws.ServiceInfo) -> NewCloudWatch(auth aws.Auth, region aws.Region)
* Changes CanonicalRequest return from string to string, error

Also switch to using http status code constants while I'm here to ease comprehension.
Fully implement AWS4 signing support
While s3 states it supports AWS Signature Version 2 this is not the case as it requires custom changes such as Expires parameter, so the previous change which uses the common AWS Signature Version 2 caused failures.

Follow the official AWS SDK in using only Signature Version 4, which is now supported everywhere, to avoid using the old custom s3 Signature Version 2 implementation.

Also expose the option to enable debugging by switching const debug to var Debug.
Switch s3 to use only AWS Signature Version 4
The sort for the query is defined as being on the keys and not keys
+ values.

Switch from the custom code to the built in Query().Encode() which
does the right thing once passed through a replace of + with %20.
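
The two signing details discussed in this pull request (key-ordered query canonicalisation via `Query().Encode()` with `+` rewritten to `%20`, and canonical headers computed only once every header is on the request), as an added example that is not code from this pull request or from the project. The function names, host and timestamp are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"sort"
	"strings"
)

// canonicalQuery orders parameters by key via url.Values.Encode and rewrites
// "+" (Go's encoding of a space) to "%20"; a literal "+" is already "%2B".
func canonicalQuery(u *url.URL) string {
	q := u.Query()
	for k := range q {
		sort.Strings(q[k]) // repeated keys ordered by value (added here, not from the PR)
	}
	return strings.Replace(q.Encode(), "+", "%20", -1)
}

// canonicalHeaders returns the header block and SignedHeaders list as of the call.
func canonicalHeaders(req *http.Request) (canon, signed string) {
	vals := map[string]string{"host": req.Host}
	names := []string{"host"}
	for k, v := range req.Header {
		lk := strings.ToLower(k)
		names = append(names, lk)
		vals[lk] = strings.Join(strings.Fields(strings.Join(v, ",")), " ")
	}
	sort.Strings(names)
	for _, n := range names {
		canon += n + ":" + vals[n] + "\n"
	}
	return canon, strings.Join(names, ";")
}

// signedHeaderLists: a header set after canonicalisation is sent but not signed.
func signedHeaderLists() (early, late string) {
	req, _ := http.NewRequest("GET", "https://example.amazonaws.com/", nil) // constructed host
	_, early = canonicalHeaders(req)
	req.Header.Set("X-Amz-Date", "20160415T000000Z") // constructed timestamp
	_, late = canonicalHeaders(req)
	return early, late
}

func main() {
	fmt.Println(canonicalQuery(&url.URL{RawQuery: "prefix=a+b&prefix-x=1&Action=List"}))
	fmt.Println(signedHeaderLists())
}
```

Sorting whole `key=value` strings would place `prefix-x=1` before `prefix=a%20b`, because `-` sorts below `=`; sorting on keys alone keeps `prefix` first.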
@stevenh stevenh mentioned this pull request Aug 23, 2016
The merge with upstream brought in an additional region which needed
adapting to our format.
stevenh commented Jun 7, 2017

Closing due to lack of feedback, which has forced us to switch to an alternative implementation
